@lifeaitools/clauth 1.6.0 → 1.7.2

package/README.md

@@ -72,20 +72,20 @@ clauth get github
 ```
 clauth install              Provision Supabase + install Claude skill
 clauth setup                Register this machine with the vault
-clauth status               All services + state
-clauth search <query>       Find services by name, project, description, or redacted address
-clauth test                 Verify connection
+clauth status               All services + state
+clauth search <query>       Find services by name, project, description, or redacted address
+clauth test                 Verify connection
 
 clauth write key <service>  Store a credential
 clauth write pw             Change password
 clauth enable <svc|all>     Activate service
 clauth disable <svc|all>    Suspend service
-clauth get <service>        Retrieve a key
-clauth npm whoami           Verify npm token without PowerShell secret plumbing
-clauth npm sync-github-secret LIFEAI/rdc-skills
-                            Update GitHub NPM_TOKEN from clauth
-
-clauth add service <n>      Register new service
+clauth get <service>        Retrieve a key
+clauth npm whoami           Verify npm token without PowerShell secret plumbing
+clauth npm sync-github-secret LIFEAI/rdc-skills
+                            Update GitHub NPM_TOKEN from clauth
+
+clauth add service <n>      Register new service
 clauth remove service <n>   Remove service
 clauth revoke <svc|all>     Delete key (destructive)
 ```
@@ -127,7 +127,7 @@ Full daemon operations reference: see `regen-root/.claude/rules/clauth.md`.
 
 ---
 
-## MCP Server — 3 Namespaces, 32 Tools
+## MCP Server — 3 Namespaces, 32 Tools
 
 clauth is the single MCP interface for all local tools. One process, namespaced paths:
 
@@ -135,18 +135,18 @@ clauth is the single MCP interface for all local tools. One process, namespaced
 |------|-----------|-------|-------------|
 | `/clauth` | `clauth_*` | 13 | Credential vault operations |
 | `/gws` | `gws_*` | 6 | Google Workspace (Gmail, Calendar, Drive) |
-| `/fs` | `fs_*` | 13 | Filesystem (read, write, append, chunked write, URL ingest, Git import, stat, grep, glob, delete, mkdir, mounts) |
-| `/mcp` | all | 32 | All namespaces combined (Claude Code) |
-
-### FS Tools
-
-13 filesystem tools with path-jail security:
-- `fs_read`, `fs_write`, `fs_stat`, `fs_append`, `fs_write_chunk`, `fs_ingest_url`, `fs_import_git_files`, `fs_list`, `fs_grep`, `fs_glob`, `fs_delete`, `fs_mkdir`, `fs_mounts`
-- Uses `node:fs/promises` (async), `@vscode/ripgrep` (shipped binary), `fast-glob`
-- Permission flags per mount: `r` (read), `w` (write), `d` (delete)
-- Mount config stored as "fileserver" service type in vault — only configurable through web UI
-- Large writes should use `fs_write_chunk`; cloud-to-local transfer should use `fs_ingest_url`; guarded appends should pass `expected_sha256` from `fs_stat`
-- Durable new files authored by Claude.ai in GitHub should use `fs_import_git_files` so the local dirty monorepo fetches and restores only named paths without `git pull`
+| `/fs` | `fs_*` | 13 | Filesystem (read, write, append, chunked write, URL ingest, Git import, stat, grep, glob, delete, mkdir, mounts) |
+| `/mcp` | all | 32 | All namespaces combined (Claude Code) |
+
+### FS Tools
+
+13 filesystem tools with path-jail security:
+- `fs_read`, `fs_write`, `fs_stat`, `fs_append`, `fs_write_chunk`, `fs_ingest_url`, `fs_import_git_files`, `fs_list`, `fs_grep`, `fs_glob`, `fs_delete`, `fs_mkdir`, `fs_mounts`
+- Uses `node:fs/promises` (async), `@vscode/ripgrep` (shipped binary), `fast-glob`
+- Permission flags per mount: `r` (read), `w` (write), `d` (delete)
+- Mount config stored as "fileserver" service type in vault — only configurable through web UI
+- Large writes should use `fs_write_chunk`; cloud-to-local transfer should use `fs_ingest_url`; guarded appends should pass `expected_sha256` from `fs_stat`
+- Durable new files authored by Claude.ai in GitHub should use `fs_import_git_files` so the local dirty monorepo fetches and restores only named paths without `git pull`
 
 ### GWS Tools
 
@@ -200,15 +200,32 @@ Tests actual MCP tool calls (not just OAuth + listing).
 
 ## Releasing a New Version (maintainers)
 
+clauth is a **private** repo, so we do **not** use GitHub Actions to publish —
+Actions bill for minutes on private repos. (Reserve Actions for *public* repos,
+where they're free.) Publishing is **webhook-driven**, with a manual fallback.
+
 ```bash
 # 1. Bump version in package.json
-# 2. Commit and tag
-git tag v1.5.38
+# 2. Commit + tag + push — the tag push triggers the publish webhook
+git add -A && git commit -m "feat(...): description (vX.Y.Z)"
+git tag vX.Y.Z
 git push && git push --tags
-# GitHub Actions publishes automatically via Trusted Publishing
+
+# 3. Verify it published (direct registry check — bypasses npm's cache)
+curl -s https://registry.npmjs.org/@lifeaitools/clauth \
+  | python -c "import sys,json;print(json.load(sys.stdin)['dist-tags'])"
+
+# 4. Fallback — if the webhook did NOT publish (registry still shows the old
+#    version), publish manually with the vault npm token:
+clauth npm set-local          # writes ~/.npmrc auth from the vault 'npm' service
+npm publish --access public
 ```
 
-**NEVER** commit a version bump without tagging — the tag triggers npm CI.
+**NEVER** commit a version bump without tagging — the tag push is what triggers
+the publish webhook. If the webhook fails silently, the usual cause is a **stale
+npm token on the webhook receiver** (it holds an env copy, not the live vault
+value) — re-sync the receiver's token to the current vault `npm` service, then
+use the manual publish above to unblock the release.
 
 ---